So I'm not quite convinced about OpenID yet, and here is why:
I already have an OpenID because I have a Blogger account. But I discovered that Blogger seems to be a poor provider when I tried to identify myself on the altdotnet page and recieved the following message:
You must use an OpenID persona that specifies a valid email address.
Lets forget the details of this little error and assume that I want to change to a different provider. So I sign up with a different provider and get a new, different OpenID - how would I switch my existing StackOverflow account to be associated with my new OpenID?
I understand this would be easy if I had my own domain set up to delegate to a provider, because I could just change the delegation. Assume I do not have my own domain.
ID tokens are used in token-based authentication to cache user profile information and provide it to a client application, thereby providing better performance and experience.
OpenID itself is secure, however due to its decentralised nature it often assumes that three servers are "trusted". If these servers are not trustworthy then your security is gone.
OpenID Connect is a simple identity layer built on top of the OAuth 2.0 protocol, which allows clients to verify the identity of an end user based on the authentication performed by an authorization server or identity provider (IdP), as well as to obtain basic profile information about the end user in an interoperable ...
An OIDC Relying Party is an OAuth 2.0 Client application that requires user authentication and claims from an OpenID Connect Provider. Security Access Manager supports Relying Party (RP) as part of the support of the OAuth 2.0 and OpenID Connect (OIDC) specifications.
Ideally Stack Overflow would allow you to change your OpenID.
OTOH, ideally you would have set up OpenID delegation on your own site, and used that to identify yourself.
With delegation, you would need only change which service you delegate to. You'd still be identified by your own URL that you control. But that doesn't help now unless Stack Overflow lets you change it. Most sites tie OpenIDs to real accounts, and would let you switch or at least add additional OpenIDs. Doesn't seem like you could map OpenIDs to accounts 1:1 unless the result of access is totally trivial; otherwise you're in a situation like this where you lose your existing questions, answers, and reputation for switching IDs.
So the OpenID protocol doesn't actually offer a solution for this situation? I would have to rely on individual sites to offer some sort of migration function? That's quite unfortunate. The whole design of OpenID seems focused on a "all your eggs in one basket" approach, i.e. you should try to use your OpenID everywhere you can. This would be fine if all providers are identical, but they are not.
Imagine the worse case, where you pick a provider that ends up closing down. Wouldn't you potentially lose your accounts on many sites?
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With